Kevin Poulsen, SecurityFocus 2003-11-06
Software developers on Wednesday detected and thwarted a hacker's scheme to submerge a slick backdoor in the next version of the Linux kernel, but security experts say the abortive caper proves that extremely subtle source code tampering is more than just the stuff of paranoid speculation.
Thwarted Linux backdoor hints at smarter hacks
2003-11-08
Anonymous Cowards (2 replies)
"no different from the buffer overflows that wind up in Microsoft products on a routine basis."
Hahahaah, of course!
I never heard that the Microsoft (M$ for the special persons among us) source tree got backdoored (except for that NSA key story years ago).
and if you do the math, you wi...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-09
Anonymous (4 replies)
Wouldn't this have been caught like REALLY quickly?
All it would have taken would be a few people running compromised Linux machines behind a firewall, and a competent firewall admin who actually reads logs...
Clever technique, granted. But it wouldn't have gotten far....
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-10
Anonymous
No, in fact, I believe that it would have taken quite some time to catch. I know several admins who feel they have no time for security. That's part of the problem.
The other part is that if you put in a really subtle back door, would you then attempt to use it flagrantly or would you also use ...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-11
Anonymous (1 replies)
If it had got in and was just left to sleep there, what's the chance it would have been found?
If slim to none, embedding the trigger in a popular app, waiting until it was widely deployed, and then tripping the flags worldwide, all at once....
"They're MINE... all mine..."
muuuhhhaaaaahaaa...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-12
Penguinisto
"If it had got in and was just left to sleep there, what's the chance it would have been found? "
Dunno... with open source, there are too many eyeballs on the source for it to have remained hidden for too awful long. Given the internal checks already present, plus the proposed (and widely approv...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-12
Anonymous
It wouldn't have gone far on a well administered System...
A majority of systems out there are not that, and we'll see more of those as companies start to swap away from M$ for money reasons.
Whoever tried that was not gunning for the top-administered sites out there, but for those one step be...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-10
Anonymous Also (1 replies)
Interesting that it almost became production code. Even the paranoid would be compromised if the CHECKSUM included the backdoor.
I.e., what someone else wrote about the GNU server being compromised. ...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-11
Anonymous
If something like this did manage to get into the production code for something as large as the Linux kernel, we might have seen a huge breakdown in the faith in GNU and Linux. Especially if a number of high level servers were compromised, with thousands of CC #'s flooding out onto the internet.
...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-11
Cid Skid the Former Script K1d (3 replies)
All of the comments listed here are quite ridiculous. First off, the backdoor was a local privilege escalation vulnerability, so if a server is already compromised it could have led to root on such server. Most production web servers/schools/the majority of computers on the net aren't going to be much ...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-11
Anonymous (1 replies)
"Nothing seems to give security people kicks like scaring the general public eh? "
You've got us pegged. We dream of opportunities like this. An issue like this is *obviously* a harmless prank, what's the big deal if it could be used to bring down 1 little measly site?
Actually... aren't ...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-12
Anonymous
'Actually... aren't "security people" _paid_ to be scared?'
No, they are paid to make proper risk assessments. What he wrote was a pretty good attempt at it. He's in essence right, a local exploit isn't a "big" deal. Remote overflows are far worse and whether something is put in the code deliberat...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-12
dare-to-say
Well, I may tend to agree with the comments. But don't you think there could be more to installing of subtle backdoors in the Linux kernel? IRC and shell boxes are becoming lesser and lesser day by day, and also many now host some BSD versions. So there is someone out there who was going to profit b...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-11
Anonymous
This is just a 'scare' article to get people paranoid. A bug in the code - wow that's a new one. Oh it sounds better if there is a sinister plot that someone mysteriously planted this code. Are you telling me they couldn't have fixed or patched this problem even if it had been released - even if had...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-12
Anonymous (2 replies)
My eight cents worth:
1. Better check all that code that runs with escalated privileges. (UNIX setuid programs, login programs etc, programs for Windows that bump privileges).
2. This classic C error is caught by static checkers like lint.
3. In Peter van der Linden's "Expert C Programming"...
[ more ] [ reply ]
Thwarted Linux backdoor hints at smarter hacks
2003-11-17
Anonymous
The single = in an if statement is a classical C novice mistake - and one that the most experienced programmers still need to watch out for. In this case, I doubt that it was a mistake. If (current->uid == 0) was intended, it would mean that root was exempt from the check for redundant flags. I'm no...
[ more ] [ reply ]
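An added illustration, not part of the thread and not the kernel's own code: a userspace stand-in for the single-= pattern the comment above describes, next to the == form, with a check that argument validation never changes credentials. The struct, the OPT_A/OPT_B flags and all function names are hypothetical.

```c
/* Added example: userspace stand-in for a task's credentials.
 * Struct, flag and function names are hypothetical. */
#include <errno.h>
#include <stdio.h>

#define OPT_A 0x1   /* hypothetical option flags */
#define OPT_B 0x2

struct task { unsigned int uid; };

/* Single '=': assigns 0 to uid. The assignment's value is 0, so the
 * condition is always false and the error path never runs; the only
 * observable effect is the side effect on uid. */
static int check_opts_assign(struct task *t, int options)
{
    int ret = 0;
    if ((options == (OPT_A | OPT_B)) && (t->uid = 0))
        ret = -EINVAL;
    return ret;
}

/* Double '==': only reads uid; credentials are untouched. */
static int check_opts_compare(struct task *t, int options)
{
    int ret = 0;
    if ((options == (OPT_A | OPT_B)) && (t->uid == 0))
        ret = -EINVAL;
    return ret;
}

/* Review invariant: validating arguments must not change credentials.
 * Returns 1 if the check left uid unchanged, 0 otherwise. */
static int leaves_uid_unchanged(int (*check)(struct task *, int),
                                unsigned int uid, int options)
{
    struct task t = { uid };
    check(&t, options);
    return t.uid == uid;
}

int main(void)
{
    printf("assign,  both flags: unchanged=%d\n",
           leaves_uid_unchanged(check_opts_assign, 1000, OPT_A | OPT_B));
    printf("compare, both flags: unchanged=%d\n",
           leaves_uid_unchanged(check_opts_compare, 1000, OPT_A | OPT_B));
    return 0;
}
```

The assignment form returns success and changes nothing a caller can see except the uid, which is why a test on the invariant, rather than on the return value, is what catches it.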
Thwarted Linux backdoor hints at smarter hacks
2003-11-12
Anonymous
Seems more a PR move by BitMover to promote their BitKeeper CVS replacement. Or maybe Microsoft found a way to get Linux "security" in the news. Apparently they're taking on Linux through "security." Imagine a 1000 PR monkeys with some programmer assistance. We may see an avalanche of these not-so-s...
[ more ] [ reply ]

This isn't very new; though the technique is neat to see implemented, this same type of thing has been done and discovered before. Doesn't seem too complex to me at all, but I guess if blue boar is excited about it it must be cool....
-IBtheM
http://www.phrack.nl/...
[ more ] [ reply ]